Since there are many threats to WiMAX, we will restrict our discussion to the most important ones: application layer threats, physical layer threats, privacy sub-layer threats and data link layer threats.
Application Layer Threats to WiMAX
For example, in a WiMAX mesh network installation where routers or gateways operate as intermediaries, or hot spots linking client and base station, there is an increased potential for security vulnerabilities, because the intermediary routers that sit between base station and client are exposed and vulnerable to attack. Popular application-level services, such as voice over Internet protocol (VoIP), could be broken by hackers who initiate the download of remote configuration settings and resynchronize clients’ CPE settings to their own specifications. Hackers may also replicate, or spoof, the address of the intermediary router or server and deceive other clients into believing their connection is secure, thus opening them up to malicious attack. These routers and gateways require robust security measures to ensure that otherwise unprotected clients remain protected behind the intermediary access point.
The majority of existing routers have their own firewall components that provide Application Layer Gateway (ALG) functionality for the signalling protocols that support and maintain multiple sessions. Any deficiency in the ALG functionality could result in diminished QoS for low-latency applications, such as VoIP and videoconferencing. OEMs must develop devices with ALGs that permit inbound call requests to a device only from devices registered with the server and endpoints, while dynamically allowing inbound media packets only on call setup. These media sessions are to be disabled when the connection terminates.
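The pinhole behaviour described above, as an added example that is not from the original post: a minimal Python model of an ALG that accepts call requests only from registered peers, opens a media pinhole only once the call is set up, and closes it on termination. The SIP-style method names (INVITE, BYE), the class PinholeALG and all addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class PinholeALG:
    registered: set                               # peers registered with the call server
    pending: dict = field(default_factory=dict)   # call_id -> (media_ip, local_port), offered only
    open_: dict = field(default_factory=dict)     # call_id -> (media_ip, local_port), established

    def signalling(self, src_ip, method, call_id, media=None):
        """Handle an inbound signalling message; return True if it is accepted."""
        if src_ip not in self.registered:
            return False                          # unregistered source: drop, change no state
        if method == "INVITE" and media:
            self.pending[call_id] = media         # remember the offer, pinhole stays closed
        elif method == "BYE":
            self.pending.pop(call_id, None)
            self.open_.pop(call_id, None)         # close the pinhole on termination
        return True

    def answered(self, call_id):
        """The local device answered: the call is set up, so open its media pinhole."""
        if call_id in self.pending:
            self.open_[call_id] = self.pending.pop(call_id)

    def allow_media(self, src_ip, dst_port):
        """Inbound media passes only through the pinhole of an established call."""
        return (src_ip, dst_port) in self.open_.values()


def demo():
    # Constructed sample traffic; 192.0.2.10 is the only registered peer.
    alg = PinholeALG(registered={"192.0.2.10"})
    out = []
    out.append(alg.signalling("198.51.100.7", "INVITE", "c1", ("198.51.100.7", 40000)))
    out.append(alg.allow_media("198.51.100.7", 40000))   # no pinhole for a rejected call
    out.append(alg.signalling("192.0.2.10", "INVITE", "c2", ("192.0.2.10", 40002)))
    out.append(alg.allow_media("192.0.2.10", 40002))     # offered but not yet set up
    alg.answered("c2")
    out.append(alg.allow_media("192.0.2.10", 40002))     # established call
    alg.signalling("192.0.2.10", "BYE", "c2")
    out.append(alg.allow_media("192.0.2.10", 40002))     # terminated call
    return out


if __name__ == "__main__":
    print(demo())
```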
Physical Layer Threats to WiMAX
Privacy Sub Layer Threats to WiMAX
The privacy sub-layer’s main objective was to protect service providers against theft of service, rather than to secure network users. The privacy layer only secures data at the data link layer; it does not ensure complete encryption of user data. Furthermore, it does not protect the physical layer from being interrupted. It is essential to include technologies that secure the physical layer and provide higher-layer security for a converged routable network and the devices within the system.
Data Link Layer Threats to WiMAX
Like Wi-Fi, the WiMAX Media Access Control (MAC) protocol, a sub-layer of the data link layer, manages the consumer’s access to the physical layer. However, the scheduling algorithm within the WiMAX MAC protocol offers optimal prioritization of this traffic based on First-In First-Out (FIFO) scheduling, in which clients seeking access to the base station are allocated bandwidth upon time of initial access, instead of random queue assignment based on order of MAC address as in Wi-Fi. Furthermore, the WiMAX MAC protocol ensures optimal quality of service (QoS) over its Wi-Fi predecessor, allocating bandwidth effectively by balancing clients’ needs instead of best-effort service; that is, equal distribution of what remains after allocation to other consumers.
In addition, before encrypting the radio signal with Wired Equivalent Privacy (WEP), WPA/PSK, or any other existing Layer 2 security protocol, the WiMAX basic authentication architecture, by default, employs X.509-based public key infrastructure (PKI) certificate authorization, in which the base station authenticates the client’s digital certificate prior to granting access to the physical layer.